This section discusses the Encrypt Files functionality of the Cryptor module.

The Encrypt Files functionality is used to protect private information and communication from unauthorized access and replication. Encrypting a file changes its content so that it becomes unreadable (unintelligible). However, the information is preserved, and the file can be restored to its original state if the secret password (or key) and the algorithm which was used to encrypt the file are known. The restoration process is called decryption. Encryption is used as a measure to protect data from unauthorized access.
There are many kinds of encryption processes, classified in two main categories:

Symmetric encryption - symmetric encryption uses two inverse functions to encrypt and decrypt the data and a single password. In order to strengthen this type of encryption, sometimes people use a second password called an Initialization Vector (IV). The IV is used to make variations of the encryption, making it more difficult to decipher the encryption results. Although the IV is not really a password, it should be treated as such.

Asymmetric encryption - asymmetric encryption uses a single function to encrypt and decrypt the data and two complementing passwords called keys:

Public Key - the Public Key is used to encrypt data. It can be freely given to everyone to encrypt data but it cannot be used to decrypt data.

Private Key - the Private Key is used to decrypt data. It must be kept secret or given only to trusted entities authorized to read data encrypted with the complementing Public Key. The Private Key can be used to easily find the complementing Public Key. However, deriving the Private Key from the Public Key is increasingly difficult, especially as the sizes of the keys grow. Currently, a key length of 256 bytes is considered safe as it would take a few thousand years to derive the Private Key from a Public Key of this size. Act On File allows the use of keys as large as 2048 bytes. Note that using larger keys makes the process of encryption and decryption increasingly slow.

Capture: Encrypt Files

Operation

To encrypt files, place the files and folders into the selected items control of the Encrypt Files functionality. Adding folders to the selection controls makes Act On File encrypt all files contained in the selected folders. If there are any shortcuts in the selected folders, they will be followed or ignored according to the selection in the Shortcuts combo-box. To encrypt the selected items, supply an encryption key (public or private) in the Public Key field, or a password and initialization vector, depending on the selected encryption type. If you do not have a key or password, or you require a new one, click the "Generate New Key" or "Generate Password / I. Vector" button to open the respective key/password generation dialog. You can use this dialog to generate a new public-private key pair for encryption, or a password and initialization vector. Once you have supplied the key/password, adjust the encryption controls and the destination for the encrypted files, and then click OK to start the encryption process.

The encrypted files are sent to the target location. The encrypted files have a new extension appended to their names: "[file name].[file extension].encrypted".

Controls

Selection Controls

These controls are used to select and display the files and folders for the operation. In addition to the Add Files, Add Folders and Remove buttons, you can use the standard clipboard, drag and drop, and keyboard operations.

Shortcuts

Select the behavior of the functionality in respect to any shortcuts that might be present in the selected folders.

Target

Any shortcut located in a selected folder will be dereferenced and its target file or folder will be treated as if it were selected.

Ignore

Any shortcut located in a selected folder will be ignored.

Operation Controls

These controls are used to control the operation of the module and thus directly affect the results.

Type

Select the type of encryption required.

Asymmetric

Asymmetric encryption - encrypts the data using a Public Key (or a Private Key, as the Public Key can be internally derived from the Private Key). The Private Key must be known to decrypt the data. The Public Key cannot be used to decrypt the data.

Symmetric

Symmetric encryption - encrypts the data using a single password and possibly an initialization vector, both of which must be known to decrypt the encrypted data.

CBC

(cipher-block chaining) - uses an initialization vector, stronger than ECB, similar to the CFB mode. For symmetric encryption, the user must know the secret initialization vector. For asymmetric encryption, the user is not concerned with the initialization vector. For software developers, however: the initialization vector is produced by repeated concatenation of the big-endian SHA1-256 hash of the public key used to encrypt the data, repeated to match the size of the modulus, with any extra data at the end removed when required.

CFB

(cipher feedback) - uses an initialization vector, stronger than ECB, similar to the CBC mode. Not applicable for asymmetric encryption.

Byte Order

When blocks of data are encrypted, they can be stored in one of two directions. Different platforms work with one of these directions. Choose the appropriate direction suitable for the system where the data will be decrypted.

Big-Endian

Store blocks of encrypted data in Big-Endian byte order.

Little-Endian

Store blocks of encrypted data in Little-Endian byte order.

Public Key (Used for asymmetric (RSA) encryption.)

Select or enter the path to the Public Key that is to be used for encrypting the selected items. It is also possible to use the Private Key to encrypt files; however, remember to keep Private Keys safe and secret until such a time as they are to be destroyed using True Delete.

Password (Used for symmetric encryption.)

Enter the password you want to use to encrypt the data.

Confirm [Password]

Enter the password again to confirm it.

Hash

The symmetric algorithms work with keys of particular sizes. In order to make a user-entered password usable, it is hashed, and the hash is then used to produce a key with a size appropriate for the particular symmetric algorithm. Select which hash algorithm is to be used for producing the encryption key from the entered password. The same hash algorithm must be used when the password is entered for decrypting the data.
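The two hash-based derivations this page describes (the CBC initialization vector built from the public key, and the symmetric key built from the password hash) can be sketched as follows. This is an added example, not Act On File's code: SHA-256 is assumed for the hash the text calls SHA1-256, the password-side fitting is assumed to use the same repeat-and-cut rule, and all function names and sample values are constructed for illustration.

```python
import hashlib

def fit_to_size(digest: bytes, size: int) -> bytes:
    """Repeat `digest` until it covers `size` bytes, then cut off the excess."""
    if not digest or size <= 0:
        raise ValueError("need a non-empty digest and a positive size")
    repeats = -(-size // len(digest))  # ceiling division
    return (digest * repeats)[:size]

def iv_from_public_key(public_key: bytes, modulus_size: int) -> bytes:
    """IV for asymmetric CBC: hash of the public key, fitted to the modulus size."""
    # Assumption: SHA-256, and the key is hashed in the byte form it is stored in.
    return fit_to_size(hashlib.sha256(public_key).digest(), modulus_size)

def key_from_password(password: str, hash_name: str, key_size: int) -> bytes:
    """Key for a symmetric algorithm, produced from the hash of the password."""
    # Assumption: UTF-8 password bytes and the same repeat-and-cut fitting.
    digest = hashlib.new(hash_name, password.encode("utf-8")).digest()
    return fit_to_size(digest, key_size)

# Constructed sample values, not real key material.
SAMPLE_PUBLIC_KEY = b"constructed-public-key-bytes-for-illustration"
SAMPLE_PASSWORD = "constructed sample passphrase"

if __name__ == "__main__":
    iv = iv_from_public_key(SAMPLE_PUBLIC_KEY, 256)  # 2048-bit modulus = 256 bytes
    print(len(iv), iv[:32] == iv[32:64])             # the digest simply repeats
    k_enc = key_from_password(SAMPLE_PASSWORD, "sha256", 32)
    k_dec = key_from_password(SAMPLE_PASSWORD, "sha1", 32)
    print(k_enc == k_dec)  # a different Hash selection produces a different key
```

Because the derived IV depends only on the public key, it is identical for every file encrypted with that key, and a password entered with a different Hash selection yields a key that cannot decrypt the data.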

Important - Password Strength and Good Practices

In order to keep your data protected, it is important to use strong passwords. That said, you should be able to
remember the password easily, or at least record a reference that helps you (and only you) remember it. Never record the password in plain text. A password
is considered relatively strong if it has all of the following characteristics:

Enter the initialization vector. The Initialization Vector (IV) is a block of data which is used to start the encryption with feedback algorithms. Using an IV greatly strengthens the encryption, and although it is not absolutely required, it is highly recommended that the IV is kept secret and treated as a second "password". The IV for each encryption algorithm has a particular size, which must be respected when supplying the IV by entering the required number of symbols.

Confirm [I. Vector]

Enter the initialization vector again to confirm it.

Important - Initialization Vector Strength and Good Practices

In order to keep your data protected, it is important to use strong (random data) initialization
vectors when applicable. Although it is not mandatory, it is highly recommended to keep IV a secret. An initialization vector is considered relatively strong if it has all of the following characteristics:

Toggle this checkbox to make the password and initialization vector readable or not.

Set Defaults

Set Defaults is a user-friendly button that sets the Operation Controls to a default selection of properties in order to help users who might find the settings confusing.

Generate New Key (Used for asymmetric (RSA) encryption.)

Select this button to invoke the dialog used to generate a new Public-Private Key pair for encryption, or the Public key of an already existing Private Key for encryption.

Generate New Key For Encryption Dialog (Asymmetric Encryption)

Use this dialog to generate a new Public-Private Key pair for encryption, or only the Public Key of an already existing Private Key for encryption.

Operation

Select whether to generate a new Public-Private Key pair, or the Public Key of an already existing Private Key.

Generate New Private-Public Key Pair

Choose this option to make the functionality generate a new set of keys with the selected key length.

Length

Select the length of the key to be generated. Smaller keys are easier to break, while larger keys are difficult to break. However, a larger key takes a longer time to generate, import, encrypt and especially decrypt. At present, a key length of 2048 bits (256 bytes) is considered strong.

Save private key as

Choose path and filename for the newly generated Private Key. Remember that Private Keys must be kept safe and secret until such a time as they are to be destroyed using True Delete.

Save public key as

Choose the path and filename for the newly generated Public Key. Give the encryption Public Key to any other party, so that they can encrypt information and send it to the owner of the Private Key, who alone can decrypt the information. Public Keys must be supplied in a way that guarantees that the key belongs to its owner. We publish our Public Key on our website.

Produce Public Key From Private Key

Select this option when the Private Key already exists, and only its Public counterpart is required. Private Keys must always be kept safe and secret, while public keys are intended to be made public. The owner of the Private Key need not always keep a copy of the Public Key, instead they could keep only the Private Key and produce the Public Key at any time and supply it to other parties as needed.

Source private key

Select the Private Key for encryption whose Public counterpart will be produced. Remember that Private Keys must be kept safe and secret until such time as they are to be destroyed using True Delete.

Produce public key

Choose the path and filename for the generated Public Key for encryption. Give the Public Key to any other party, so that they can encrypt information and send it to the owner of the Private Key, who alone can decrypt it. Public Keys must be supplied in a way that guarantees that the key belongs to its owner. We publish our Public Key on our website.

Use this public key to encrypt the selected files

Set this checkbox to copy the path of the selected Public Key into the Public Key selection control of the Encrypt Files functionality to be used to encrypt the selected files and folders content.

On Top

Sets and clears the Always On Top flag on the owner Encrypt Files window. This checkbox adds or removes the window from the group of Top-most windows.

OK

Commits to work.

Cancel

Closes the dialog without doing any work and returns the control to its owner Encrypt Files dialog.

Generate Password / I. Vector (Used for symmetric encryption.)

Select this button to invoke the dialog used to generate strong Passwords and Initialization Vectors.

Use this dialog to generate new Passwords and Initialization Vectors. The size of the generated initialization vectors matches the size required by the currently selected symmetric algorithm.

Password

A strong password generated by the common rules for strong passwords is placed in this field. You can copy the password to the clipboard, generate a new password, or insert it in the Password field of the parent Encrypt Files dialog by selecting the checkbox below.

New Password

Press this button to generate a new password.

Use this password to encrypt the selected files

Select this checkbox to place the currently displayed password in the Password field of the parent Encrypt Files dialog upon pressing the OK button.

Initialization Vector

A strong initialization vector generated by the common rules for strong initialization vectors is placed in this field. You can copy the initialization vector to the clipboard, generate a new initialization vector, or insert it in the I. Vector field of the parent Encrypt Files dialog by selecting the checkbox below.

New Init. Vector

Press this button to generate a new initialization vector.

Use this init. vector to encrypt the selected files

Select this checkbox to place the currently displayed initialization vector in the I. Vector field of the parent Encrypt Files dialog upon pressing the OK button.

On Top

Sets and clears the Always On Top flag on the owner Encrypt Files window. This checkbox adds or removes the window from the group of Top-most windows.

OK

Commits to work.

Cancel

Closes the dialog without doing any work and returns the control to its owner Encrypt Files dialog.

Destination Controls

These controls are used to direct the output location in which the module will store the encrypted files.

Destination

Select the output type and location.

Common Place

All encrypted files are stored in the target folder and are named "[filename].[extension].encrypted". Caution is required as encrypted files with matching names may overwrite each other.

Original Location

The encrypted files are deposited in the same folder as the original files and are named "[filename].[extension].encrypted".

Reflecting Tree

The same directory structure as the directory structure of the selected files and folders is replicated, starting from the selected target folder. Each encrypted file is named "[filename].[extension].encrypted" and is deposited in the newly created folder respective to the folder containing the encrypted file.

at folder

Select folder to be used for the "Common Place" and "Reflecting Tree" options.

Send email

Set this checkbox to request the module to start the default e-mail software installed on the machine and attach the encrypted files to a new e-mail message.
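The three Destination options, and the overwrite risk noted for Common Place, can be checked before a run with a sketch like the one below. It is an added example, not part of Act On File: the mode names, the `root` parameter used to mirror the tree, and the sample paths are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

SUFFIX = ".encrypted"

def plan_outputs(sources, mode, target=None, root=None):
    """Map each source file to the encrypted path the chosen mode would produce."""
    plan = {}
    for src in map(PureWindowsPath, sources):
        name = src.name + SUFFIX  # "[filename].[extension].encrypted"
        if mode == "original":    # Original Location: next to the source file
            out = src.parent / name
        elif mode == "common":    # Common Place: everything in one target folder
            out = PureWindowsPath(target) / name
        elif mode == "tree":      # Reflecting Tree: mirror the folders under target
            # Assumption: the tree is mirrored relative to `root`.
            out = PureWindowsPath(target) / src.parent.relative_to(root) / name
        else:
            raise ValueError(f"unknown destination mode: {mode}")
        plan[str(src)] = out
    return plan

def find_collisions(plan):
    """Return {output path: [sources]} for outputs claimed by more than one source."""
    by_output = defaultdict(list)
    for src, out in plan.items():
        # Windows file names are case-insensitive, so compare in lower case.
        by_output[str(out).lower()].append(src)
    return {out: srcs for out, srcs in by_output.items() if len(srcs) > 1}

# Constructed sample selection: two files share a name in different folders.
SOURCES = [
    r"C:\Data\2023\report.txt",
    r"C:\Data\2024\report.txt",
    r"C:\Data\2024\notes.txt",
]

if __name__ == "__main__":
    for mode in ("common", "tree", "original"):
        plan = plan_outputs(SOURCES, mode, target=r"D:\Out", root=r"C:\Data")
        print(mode, find_collisions(plan))
```

With this selection only Common Place reports a collision; Reflecting Tree and Original Location keep the two `report.txt` files apart.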

Further Actions Controls

These controls are used to help automate some common activities after the process is successfully completed.

Delete Source Items

Set this checkbox to request the module to send the source items to the Recycle Bin after a successful encryption process.

Confirm Delete [Source Items]

Set this checkbox to confirm the request to delete the source items after a successful encryption process.

Window Controls

These controls have generic meanings.

On Top

Sets and clears the Always On Top flag on the window. This checkbox adds or removes the window from the group of Top-most windows.

OK

Commits to work and encrypts the data. Note, an Enter Key (password) dialog will be displayed first.

Cancel

Closes the window without doing any work. The last selected properties are stored.